Gilbert Peterson
Sujeet Shenoi
(Eds.)
Advances in
Digital Forensics XII
IFIP AICT 484
IFIP Advances in Information
and Communication Technology 484
Editor-in-Chief
Kai Rannenberg, Goethe University Frankfurt, Germany
Editorial Board
Foundation of Computer Science
Jacques Sakarovitch, Télécom ParisTech, France
Software: Theory and Practice
Michael Goedicke, University of Duisburg-Essen, Germany
Education
Arthur Tatnall, Victoria University, Melbourne, Australia
Information Technology Applications
Erich J. Neuhold, University of Vienna, Austria
Communication Systems
Aiko Pras, University of Twente, Enschede, The Netherlands
System Modeling and Optimization
Fredi Tröltzsch, TU Berlin, Germany
Information Systems
Jan Pries-Heje, Roskilde University, Denmark
ICT and Society
Diane Whitehouse, The Castlegate Consultancy, Malton, UK
Computer Systems Technology
Ricardo Reis, Federal University of Rio Grande do Sul, Porto Alegre, Brazil
Security and Privacy Protection in Information Processing Systems
Stephen Furnell, Plymouth University, UK
Artificial Intelligence
Ulrich Furbach, University of Koblenz-Landau, Germany
Human-Computer Interaction
Jan Gulliksen, KTH Royal Institute of Technology, Stockholm, Sweden
Entertainment Computing
Matthias Rauterberg, Eindhoven University of Technology, The Netherlands
IFIP The International Federation for Information Processing
IFIP was founded in 1960 under the auspices of UNESCO, following the first World Computer Congress held in Paris the previous year. A federation for societies working in information processing, IFIP's aim is two-fold: to support information processing in the countries of its members and to encourage technology transfer to developing nations. As its mission statement clearly states:
IFIP is the global non-profit federation of societies of ICT professionals that aims at achieving a worldwide professional and socially responsible development and application of information and communication technologies.
IFIP is a non-profit-making organization, run almost solely by 2500 volunteers. It operates through a number of technical committees and working groups, which organize events and publications. IFIP's events range from large international open conferences to working conferences and local seminars.
The flagship event is the IFIP World Computer Congress, at which both invited and contributed papers are presented. Contributed papers are rigorously refereed and the rejection rate is high.
As with the Congress, participation in the open conferences is open to all and papers may be invited or submitted. Again, submitted papers are stringently refereed.
The working conferences are structured differently. They are usually run by a working group and attendance is generally smaller and occasionally by invitation only. Their purpose is to create an atmosphere conducive to innovation and development. Refereeing is also rigorous and papers are subjected to extensive group discussion.
Publications arising from IFIP events vary. The papers presented at the IFIP World Computer Congress and at open conferences are published as conference proceedings, while the results of the working conferences are often published as collections of selected and edited papers.
IFIP distinguishes three types of institutional membership: Country Representative Members, Members at Large, and Associate Members. The type of organization that can apply for membership is a wide variety and includes national or international societies of individual computer scientists/ICT professionals, associations or federations of such societies, government institutions/government related organizations, national or international research institutes or consortia, universities, academies of sciences, companies, national or international associations or federations of companies.
More information about this series at http://www.springer.com/series/6102
Gilbert Peterson
Sujeet Shenoi (Eds.)
Advances
in Digital Forensics XII
12th IFIP WG 11.9 International Conference,
New Delhi, January 4-6, 2016
Revised Selected Papers
Editors
Gilbert Peterson
Department of Electrical and Computer
Engineering
Air Force Institute of Technology
Wright-Patterson AFB, Ohio
USA
Sujeet Shenoi
Tandy School of Computer Science
University of Tulsa
Tulsa, Oklahoma
USA
ISSN 1868-4238 ISSN 1868-422X (electronic)
IFIP Advances in Information and Communication Technology
ISBN 978-3-319-46278-3 ISBN 978-3-319-46279-0 (eBook)
DOI 10.1007/978-3-319-46279-0
Library of Congress Control Number: 2016950753
© IFIP International Federation for Information Processing 2016
This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the
material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation,
broadcasting, reproduction on microfilms or in any other physical way, and transmission or information
storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now
known or hereafter developed.
The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication
does not imply, even in the absence of a specific statement, that such names are exempt from the relevant
protective laws and regulations and therefore free for general use.
The publisher, the authors and the editors are safe to assume that the advice and information in this book are
believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors
give a warranty, express or implied, with respect to the material contained herein or for any errors or
omissions that may have been made.
Printed on acid-free paper
This Springer imprint is published by Springer Nature
The registered company is Springer International Publishing AG Switzerland
Contents
Contributing Authors
Preface
PART I THEMES AND ISSUES
1 On a Scientific Theory of Digital Forensics
Martin Olivier
2 Data Privacy Perceptions About Digital Forensic Investigations in India
Robin Verma, Jayaprakash Govindaraj and Gaurav Gupta
3 A Framework for Assessing the Core Capabilities of a Digital Forensic Organization
Ahmed Almarzooqi and Andrew Jones
PART II MOBILE DEVICE FORENSICS
4 Optimizing Short Message Text Sentiment Analysis for Mobile Device Forensics
Oluwapelumi Aboluwarin, Panagiotis Andriotis, Atsuhiro Takasu and Theo Tryfonas
5 Impact of User Data Privacy Management Controls on Mobile Device Investigations
Panagiotis Andriotis and Theo Tryfonas
6 Analyzing Mobile Device Ads to Identify Users
Jayaprakash Govindaraj, Robin Verma and Gaurav Gupta
7 A Forensic Methodology for Analyzing Nintendo 3DS Devices
Huw Read, Elizabeth Thomas, Iain Sutherland, Konstantinos Xynos and Mikhaila Burgess
PART III NETWORK FORENSICS
8 Reconstructing Interactions with Rich Internet Applications from HTTP Traces
Sara Baghbanzadeh, Salman Hooshmand, Gregor Bochmann, Guy-Vincent Jourdan, Seyed Mirtaheri, Muhammad Faheem and Iosif Viorel Onut
9 Reconstructing Tabbed Browser Sessions Using Metadata Associations
Sriram Raghavan and S.V. Raghavan
10 A Probabilistic Network Forensic Model for Evidence Analysis
Changwei Liu, Anoop Singhal and Duminda Wijesekera
PART IV CLOUD FORENSICS
11 API-Based Forensic Acquisition of Cloud Drives
Vassil Roussev, Andres Barreto and Irfan Ahmed
12 The Cloud Storage Ecosystem - A New Business Model for Internet Piracy?
Raymond Chan, Kam-Pui Chow, Vivien Chan and Michael Kwan
PART V SOCIAL MEDIA FORENSICS
13 Windows 8.x Facebook and Twitter Metro App Artifacts
Swasti Bhushan Deb
14 Profiling Flash Mob Organizers in Web Discussion Forums
Vivien Chan, Kam-Pui Chow and Raymond Chan
PART VI IMAGE FORENSICS
15 Enhancing Image Forgery Detection Using 2-D Cross Products
Songpon Teerakanok and Tetsutaro Uehara
16 Forensic Authentication of Bank Checks
Rajesh Kumar and Gaurav Gupta
PART VII FORENSIC TECHNIQUES
17 Data Type Classification: Hierarchical Class-to-Type Modeling
Nicole Beebe, Lishu Liu and Minghe Sun
18 Secure File Deletion for Solid State Drives
Bhupendra Singh, Ravi Saharan, Gaurav Somani and Gaurav Gupta
PART VIII FORENSIC TOOLS
19 A Tool for Volatile Memory Acquisition from Android Devices
Haiyu Yang, Jianwei Zhuge, Huiming Liu and Wei Liu
20 Advanced Automated Disk Investigation Toolkit
Umit Karabiyik and Sudhir Aggarwal
Contributing Authors
Oluwapelumi Aboluwarin is a Software Engineer with Nexmo, London, United Kingdom. His research interests include natural language processing, text mining and conversational user interfaces.
Sudhir Aggarwal is a Professor of Computer Science at Florida State University, Tallahassee, Florida. His research interests include password cracking, information security and building software tools and systems for digital forensics.
Irfan Ahmed is an Assistant Professor of Computer Science at the University of New Orleans, New Orleans, Louisiana. His research interests are in the areas of malware detection and analysis, digital forensics, industrial control systems security and Internet of Things security.
Ahmed Almarzooqi is a Ph.D. student in Digital Forensics at De Montfort University, Leicester, United Kingdom. His research interests include digital forensics and information security.
Panagiotis Andriotis is a Research Associate in the Information Security Research Group, Department of Computer Science, University College London, London, United Kingdom. His research interests include digital forensics, text mining, content analysis, systems security and human aspects of security, privacy and trust.
Sara Baghbanzadeh is a Software Engineer with Gnowit, Ottawa, Canada. Her research interests include web crawling and session reconstruction for rich Internet applications.
Andres Barreto is a Software Developer for Archon Information Systems, New Orleans, Louisiana. His research interests include digital forensics and building scalable and usable web applications.
Nicole Beebe is an Associate Professor of Cyber Security at the University of Texas at San Antonio, San Antonio, Texas. Her research interests include digital forensics, cyber security and advanced analytics.
Gregor Bochmann is a Professor of Computer Science at the University of Ottawa, Ottawa, Canada. His research interests include software engineering for distributed applications, peer-to-peer systems and rich Internet applications.
Mikhaila Burgess is an Associate Professor of Digital Forensics at Noroff University College, Kristiansand, Norway. Her research interests include digital forensics, information security, data management and big data.
Raymond Chan is a Ph.D. student in Computer Science at the University of Hong Kong, Hong Kong, China. His research interests include digital forensics and critical infrastructure protection.
Vivien Chan is a Research Project Manager at the University of Hong Kong, Hong Kong, China. Her research interests include cyber criminal profiling and digital forensics.
Kam-Pui Chow is an Associate Professor of Computer Science at the University of Hong Kong, Hong Kong, China. His research interests include information security, digital forensics, live system forensics and digital surveillance.
Swasti Bhushan Deb is a Senior Project Manager at the Kolkata Cyber Laboratory, Data Security Council of India, Kolkata, India. His research interests include cyber crime detection, and computer and mobile device forensics.